New Samba targets Active Directory

A next-generation test version of the open source Samba file sharing software has been made available, with features emulating Microsoft's Active Directory ID management software. The popular Samba suite is an implementation of Microsoft's SMB (Server Message Block)/CIFS (Common Internet File System) protocol that allows other operating systems to emulate or interoperate with Windows for the purposes of sharing files or printing.

A next-generation test version of the open
source Samba file sharing software has been made available, with
features emulating Microsoft's Active Directory ID management
software.

The popular Samba suite is an implementation of Microsoft's SMB (Server Message Block)/CIFS (Common Internet File System)
protocol that allows other operating systems to emulate or
interoperate with Windows for the purposes of sharing
files or printing.

Releasing a new version of the software today in conjunction
with a speech on the subject by Australia-based Samba creator Andrew Tridgell at the Linux.conf.au conference in New Zealand, the team behind
the software outlined its new features.

"Samba 4 supports the server-side of the Active Directory
logon environment used by Windows 2000 and later, so we can do
full domain join and domain logon operations with these clients,"
the group said in a statement on its Web site, noting this feature was "the main emphasis" for the new software.

The Samba developers noted their implementation of Kerberos correctly dealt with the "infamous Kerberos PAC (Privilege Access Certificate)" -- a data field in the Kerberos authentication protocol which attracted controversy when critics claimed that Microsoft's version tied users into its own version of Kerberos.

Other improvements include the integration of Samba's
Web-based administration tool (SWAT), a new scripting interface
which allows Javascript programs to interface with Samba's
"internals", and new Virtual Filesystem (VFS) features.

Also, "the Samba 4 architecture is based around an LDAP-like
database that can use a range of modular backends".

"We are aiming for Samba 4 to be a powerful front end to large
directories," said the statement.

Homegrown hero?
One Linux enthusiast who saw Tridgell's Linux.conf.au speech
enthused about it on his blog soon afterwards.

"The hall was packed for one of Australia's homegrown heroes,"
wrote Brisbane-based Joshua Wulf.

"The Vampire migration tool [employed to shift users from Windows to Samba] now has 'longer fangs' and can
take over an Active Directory domain."

"Tridge demonstrated sucking the life out a Windows 2003 PDC
[primary domain controller] in one click, importing all its user
and machine information using SWAT."

"He then restarted [domain server] BIND on his Samba 4 server,
changed the server role to PDC ... shut down the Windows PDC and
then logged into the domain with an XP client using the new Samba
4 server as the PDC."

"This elicited suitable oohs and aahs from the audience,"
wrote Wulf.

However, the Samba team warned system administrators to be
careful with the new software, which is dubbed a "technology
preview" unsuitable for use on production systems.

"There is no printing support in the current release," the
group's statement said.

"We recommend against upgrading any production servers from
Samba 3 to Samba 4 at this stage."

"We expect that format changes will require that the user
database be rebuilt from scratch a number of times before we make
a final release, losing password data each time."

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.